package org.smog.core.config.security;

import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.smog.core.config.security.filter.JwtAuthenticationFilter;
import org.smog.core.config.security.hander.JwtAccessDeniedHandler;
import org.smog.core.config.security.hander.JwtAuthenticationEntryPoint;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * springSecuriry
 *
 * @Description: Created by IntelliJ IDEA.
 * @project_name: smogTemp
 * @time: 2020-05-14 14:36
 * @email: 17685306043@163.com
 * @author: huangZhongYao
 */
@Slf4j
@Configuration
@EnableWebSecurity
@EnableGlobalAuthentication
@EnableGlobalMethodSecurity(prePostEnabled = true)
@Import(WebMvcAutoConfiguration.class)
@AllArgsConstructor
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    JwtAuthenticationFilter jwtAuthenticationTokenFilter;
    JwtAccessDeniedHandler jwtAccessDeniedHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.info("SpringSecurity 初始化配置... ");

        http.cors()
                .and()
                .csrf()
                .disable()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                /*试请求放行*/
                .antMatchers(HttpMethod.OPTIONS, new String[]{"/**"})
                .denyAll().antMatchers(new String[]{
                "/**",
        })
                .permitAll().antMatchers(new String[]{
                "/druid/**",
                "/logout",
                "/favicon.ico",
                "/doc.html",
                "/swagger-ui.html",
                "/v2/api-docs",
                "/v2/api-docs-ext",
                "/swagger-resources",
                "/actuator/**",
                "/webjars/**",
                "/swagger-resources/**"

        })
                .permitAll()
                .and()
                .headers()
                .cacheControl();

        http.exceptionHandling()
                /*添加无权访问处理器*/
                .authenticationEntryPoint(this.jwtAuthenticationEntryPoint)
                /*添加拒绝访问处理器*/
                .accessDeniedHandler(this.jwtAccessDeniedHandler);
        /*添加过滤器*/
        http.addFilterBefore(this.jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        super.configure(http);
    }


    @Override
    @Bean(name = {"org.springframework.security.authenticationManager"})
    protected AuthenticationManager authenticationManager() throws Exception {
        log.info("SpringSecurity 注册认证管理器...");
        return super.authenticationManager();
    }
}
